Prediction of drive-by download attacks on Twitter

Javed, Amir; Burnap, Pete; Rana, Omer

doi:10.1016/j.ipm.2018.02.003

Cited by 23 publications

(14 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, giving us 6,122 malicious sample across seven sporting events and a malicious log containing millions of rows of machine activity. The collected malware sample when compared to previous studies, like by Moser et al [40] (308 malware sample), Ahmadi et al [1] (806 malware sample) and Naval et al [41] (2,435 malware sample), was a bigger and diverse sample that was collected over a period of three years and was used to built a drive-by download prediction model [28].…”

Section: Data Collectionmentioning

confidence: 99%

“…Number of user mentions were used because an adversary could make their post visible to an influential user that has high number of follower by mentioning them in their post. Similarly, age of account was chosen because it has been used as a parameter to identify tweets containing malicious URLs [28]. Both emotion and sentiment were chosen because they have in the past been used to understand propagation of post [5].…”

Section: Dependent Measurementioning

confidence: 99%

“…Twitter's popularity continues to attract cybercriminals to carry out various cyber attacks. Cyber attacks such as distributed denial of service [32], cross-site scripting [22], Trojan attacks [42] and drive-by downloads [28] continue to be major threats on Twitter.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Emotions Behind Drive-by Download Propagation on Twitter

Javed¹,

Burnap²,

Williams³

et al. 2020

ACM Trans. Web

Self Cite

View full text Add to dashboard Cite

Twitter has emerged as one of the most popular platforms to get updates on entertainment and current events. However, due to its 280 character restriction and automatic shortening of URLs, it is continuously targeted by cybercriminals to carry out drive-by download attacks, where a user's system is infected by merely visiting a Web page. Popular events that attract a large number of users are used by cybercriminals to infect and propagate malware by using popular hashtags and creating misleading tweets to lure users to malicious Web pages. A drive-by download attack is carried out by obfuscating a malicious URL in an enticing tweet and used as clickbait to lure users to a malicious Web page. In this paper we answer the following two questions: Why are certain malicious tweets retweeted more than others? Do emotions reflecting in a tweet drive virality? We gathered tweets from seven different sporting events over three years and identified those tweets that were used to carry to out a drive-by download attack. From the malicious (N=105,642) and benign (N=169,178) data sample identified, we built models to predict information flow size and survival. We define size as the number of retweets of an original tweet, and survival as the duration of the original tweet's presence in the study window. We selected the zero-truncated negative binomial (ZTNB) regression method for our analysis based on the distribution exhibited by our dependent size measure and the comparison of results with other predictive models. We used the Cox regression technique to model the survival of information flows as it estimates proportional hazard rates for independent measures. Our results show that both social and content factors are statistically significant for the size and survival of information flows for both malicious and benign tweets. In the benign data sample, positive emotions and positive sentiment reflected in the tweet significantly predict size and survival. In contrast, for the malicious data sample, negative emotions, especially fear, are associated with both size and survival of information flows. CCS Concepts: • Security and privacy → Social network security and privacy.

show abstract

Section: Data Collectionmentioning

confidence: 99%

Section: Dependent Measurementioning

confidence: 99%

See 1 more Smart Citation

Emotions Behind Drive-by Download Propagation on Twitter

Javed¹,

Burnap²,

Williams³

et al. 2020

ACM Trans. Web

Self Cite

View full text Add to dashboard Cite

show abstract

“…Drive-by or download (FIGURE 4-3.6) is another software threat that requires no action from the user, however, the malicious code is automatically downloaded. It contributed to 48% of all web-based attacks in 2017 [87], [88] and is considered one of the main threats in 2019 [89]. Fingerprinting (FIGURE 4 -3.3) and misconfiguration are also forms of software threats.…”

Section: ) Host Threatsmentioning

confidence: 99%

A Taxonomy of Network Threats and the Effect of Current Datasets on Intrusion Detection Systems

et al. 2020

View full text Add to dashboard Cite

As the world moves towards being increasingly dependent on computers and automation, building secure applications, systems and networks are some of the main challenges faced in the current decade. The number of threats that individuals and businesses face is rising exponentially due to the increasing complexity of networks and services of modern networks. To alleviate the impact of these threats, researchers have proposed numerous solutions for anomaly detection; however, current tools often fail to adapt to ever-changing architectures, associated threats and zero-day attacks. This manuscript aims to pinpoint research gaps and shortcomings of current datasets, their impact on building Network Intrusion Detection Systems (NIDS) and the growing number of sophisticated threats. To this end, this manuscript provides researchers with two key pieces of information; a survey of prominent datasets, analyzing their use and impact on the development of the past decade's Intrusion Detection Systems (IDS) and a taxonomy of network threats and associated tools to carry out these attacks. The manuscript highlights that current IDS research covers only 33.3% of our threat taxonomy. Current datasets demonstrate a clear lack of realnetwork threats, attack representation and include a large number of deprecated threats, which together limit the detection accuracy of current machine learning IDS approaches. The unique combination of the taxonomy and the analysis of the datasets provided in this manuscript aims to improve the creation of datasets and the collection of real-world data. As a result, this will improve the efficiency of the next generation IDS and reflect network threats more accurately within new datasets.

show abstract

“…This special issue covers a wide range of applications that rely on real-time processing of social media, including event detection [8,14,7], cybersecurity [10], opinion mining [5] and automatic geo-localization [7]. The diversity of submissions received shows the need for furthering research in processing social media streams in a (near) real-time.…”

Section: Conclusion and Future Research Directionsmentioning

confidence: 99%